Channels

Services

Samba 3.0.25 fixes multiple security vulnerabilities

The developers of the open source Samba server have, with the latest version 3.0.25, fixed multiple vulnerabilities, some of which could be exploited by attackers to execute arbitrary malicious code on the server. The Samba developers have also released patches for the previous version.

One of the vulnerabilities fixed permitted an attacker to execute arbitrary code in a shell, as Samba failed to filter user entries received via MS-RPC and passed these to the /bin/sh command line interpreter on calling scripts executed in the smb.conf. In addition, crafted MS-RPC calls could cause a buffer overflow, allowing execution of injected malicious code. A further security vulnerability affected the translation of Windows SIDs in local user accounts. Under certain unspecified circumstances, translation could fail resulting in the user acquiring root privileges.

The bugs affect Samba version 3.0.0 to 3.0.25rc3. The translation errors affect versions 3.0.23d to 3.0.25pre2. The developers have fixed the problems in the newly released version 3.0.25.